1 / 16

COM 5336 Cryptography Lecture 7a Primality Testing

This lecture delves into the essence of primality testing, which is crucial in cryptography. A prime number has two distinct positive divisors, while composite numbers do not. We explore various algorithms, including naive tests, the Sieve of Eratosthenes, Fermat's Little Theorem, and the Miller-Rabin test. Understanding the running times and effectiveness of these tests is paramount, especially in identifying prime numbers within cryptographic systems. Key topics include deterministic versus probabilistic tests and the significance of pseudoprimes and strong liars.

hedia
Télécharger la présentation

COM 5336 Cryptography Lecture 7a Primality Testing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. COM 5336 CryptographyLecture 7aPrimality Testing Scott CH Huang 1

  2. Definition • A prime number is a positive integer p having exactly two positive divisors, 1 and p. • A composite number is a positive integer n > 1 which is not prime. COM 5336 Cryptography Lecture 7a

  3. Primality Test vs Factorization • Factorization’s outputs are non-trivial divisors. • Primality test’s output is binary: either PRIME or COMPOSITE COM 5336 Cryptography Lecture 7a

  4. Naïve Primality Test Input: Integer n > 2 Output: PRIME or COMPOSITE for (i from 2 to n-1){ if (i divides n) return COMPOSITE; } return PRIME; COM 5336 Cryptography Lecture 7a

  5. Still Naïve Primality Test Input/Output: same as the naïve test for (i from 1 to ){ if (i divides n) return COMPOSITE; } return PRIME; COM 5336 Cryptography Lecture 7a

  6. Sieve of Eratosthenes Input/Output: same as the naïve test Let A be an arry of length n Set all but the first element of A to TRUE for (i from 2 to ){ if (A[i]=TRUE) Set all multiples of i to FALSE } if (A[i]=TRUE) return PRIME else return COMPOSITE COM 5336 Cryptography Lecture 7a

  7. Primality Testing Two categories of primality tests • Probablistic • Miller-Rabin Probabilistic Primality Test • Cyclotomic Probabilistic Primality Test • Elliptic Curve Probabilistic Primality Test • Deterministic • Miller-Rabin Deterministic Primality Test • Cyclotomic Deterministic Primality Test • Agrawal-Kayal-Saxena (AKS) Primality Test COM 5336 Cryptography Lecture 7a

  8. Running Time of Primality Tests • Miller-Rabin Primality Test • Polynomial Time • Cyclotomic Primality Test • Exponential Time, but almost poly-time • Elliptic Curve Primality Test • Don’t know. Hard to Estimate, but looks like poly-time. • AKS Primality Test • Poly-time, but only asymptotically good. COM 5336 Cryptography Lecture 7a

  9. Fermat’s Primality Test • It’s more of a “compositeness test” than a primality test. • Fermat’s Little Theorem: If p is prime and , then • If we can find an a s.t. , then n must be a composite. • If, for some a, n passes the test, we cannot conclude n is prime. Such n is a pseudoprime. If this pseudoprime n is not prime, then this a is called a Fermat liar. • If, for all we have can we conclude n is prime? • No. Such n is called a Carmichael number. COM 5336 Cryptography Lecture 7a

  10. Pseudocode of Fermat’s Primality Test FERMAT(n,t){ INPUT: odd integer n ≥ 3, # of repetition t OUTPUT: PRIME or COMPOSITE for (i from 1 to t){ Choose a random integer a s.t. 2 ≤ a ≤ n-2 Compute if ( ) return COMPOSITE } return PRIME } COM 5336 Cryptography Lecture 7a

  11. Miller-Rabin Probabilistic Primality Test • It’s more of a “compositeness test” than a primality test. • It does not give proof that a number n is prime, it only tells us that, with high probability, n is prime. • It’s a randomized algorithm of Las Vegas type. COM 5336 Cryptography Lecture 7a

  12. A Motivating Observation FACT: • Let p be an odd prime. . If then • Moreover, if , and m is odd. Let . Then either or for some COM 5336 Cryptography Lecture 7a

  13. Miller-Rabin • If and Then a is a strong witness for the compositeness of n. • If or for some then n is called a pseudoprime w.r.t. base a, and a is called a strong liar. COM 5336 Cryptography Lecture 7a

  14. Miller-Rabin: Algorithm Pseudocode MILLER-RABIN(n,t){ INPUT: odd integer n ≥ 3, # of repetition t Compute k & odd m s.t. for ( i from 1 to t ){ Choose a random integer a s.t. Compute if ( or ){ Set while( and ){ Set if ( ) return COMPOSITE } if ( ) return COMPOSITE } } return PRIME } COM 5336 Cryptography Lecture 7a

  15. Miller-Rabin: Example • n = 91 • 90 = 2*45, s = 1, r = 45 • {1,9,10,12,16,17,22,29,38,53,62,69,74, 75,79,81,82,90} are all strong liars. • 945 = 1 mod 91 • 1045 = 1 mod 91 • …. • All other bases are strong witnesses. • 97 = 9 mod 91 • 98 = 81 mod 91 COM 5336 Cryptography Lecture 7a

  16. Miller-Rabin: Main Theorem Theorem: Given n > 9. Let B be the number of strong liars. Then If the Generalized Riemann Hypothesis is true, then Miller-Rabin primality test can be made deterministic by running MILLER-RABIN(n,2log2n) COM 5336 Cryptography Lecture 7a

More Related